Data of more than 20 million VPN services users leaked
The data of more than 20 million users of free VPN services has become publicly available on the Internet. This is reported by the vpnMentor research team. Among the compromised applications were Free VPN, Super VPN, Flash VPN, Secure VPN and some others. According to the researchers who discovered the leak, this incident is a blatant case of disregard for basic safety rules.
VPN services are designed to protect users ‘ online privacy by anonymizing users’ data and protecting users from cybercriminals. In addition, VPN services help one to circumvent blockages in different countries, use applications that can’t be accessed in their region, and solve a number of other problems. Given that providing anonymity is one of the main tasks of VPN technology, data leakage from such services seems even more frightening.
As vpnMentor notes, this incident demonstrates “a complete disregard for VPN standards that puts users’ privacy at risk.”
The leak occurred in seven VPN services : UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN. At the same time, the total amount of personal data that became freely available equals 1.2 TB. The researchers found information about users ‘ Internet activity, their email addresses, unencrypted passwords, IP addresses, home addresses, smartphone models and their IDs, as well as other technical details.
According to vpnMentor, it is likely that all the services that lost their users ‘ data belong to one developer. This is indicated by the fact that they share the same ElasticSearch servers. Besides, all payments from these services are sent to the address of one recipient : Dreamfii HK Limited. At least three of the above-mentioned services have almost identical branding on their sites.
The interviewed experts admit that the data leak can lead to spam, phishing mailings, as well as hacking of other accounts, if cybercriminals will make use of email addresses and passwords. VPN services users can also become victims of extortion or blackmail.
In addition, some users who have suffered due to the negligence of VPN owners may end up in prison since such services are often used by people living in authoritarian countries with repressive policies. If deanonymized, they will become an easy target for local authorities.